Support Openscap OVALs and ContentAsCode 0.1.73
enabling support for OpenSCAP OVAL scans separate from OpenSCAP XCCDF scans (OVALs are CVE checks)
why:
- ComplianceAsCode (0.1.73) removed the XCCDF baked-in OVALs for rhel, breaking ironbank-modules
- now support OVAL scans for debian and ubuntu, not just redhat and suse
- replaced xml parser by converting the xmls to native dictionaries, no need for a special xml parser library
- the openscap-scan job now outputs artifacts for vat and generate-documentation jobs instead of parsing the xml multiple times
- removed generate-documentation's use of ironbank-module openscap xml module which downloads rhel/suse ovals from the internet as artifacts every pipeline if a cve is found (this can happen 100s of times if a new CVE appears)
tested with alpine and ubi using new images (see dependent MRs):
- alpine: https://code-ib-mario.staging.dso.mil/ironbank-tools/tools/trigger/-/jobs/234063 trigger-alpine.csv
- ubi: https://code-ib-mario.staging.dso.mil/ironbank-tools/tools/trigger/-/jobs/234602 trigger-ubi.csv
side note:
- added variables for check-findings / robotnik to aid development
Edited by Chad Geary